From 7b9c6459e3f74b2c8eeffc0c41c3dd8d5002c1e4 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Fri, 19 Feb 2016 09:23:39 +0800
Subject: [PATCH] allow embedding
---
 app/controllers/application_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74d56340..fb29d7f3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery
 before_filter :get_invite_link
+ after_action :allow_embedding
 # this is for global login
 include ContentHelper
@@ -69,4 +70,11 @@ private
 safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : '//metamaps.cc/'
 @invite_link = "#{safe_uri}join" + (current_user ? "?code=#{current_user.code}" : "")
 end
+
+ def allow_embedding
+ #allow all
+ response.headers.except! 'X-Frame-Options'
+ # or allow a whitelist
+ # response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
+ end
 end
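Review bot: Registering `after_action :allow_embedding` in ApplicationController applies the callback to every controller that inherits from it, so every response loses its framing restriction, not only the views meant to be embedded. `protect_from_forgery` on the line above does not cover this case, because a framed page is the real page and a click the user is tricked into making carries a valid token. If only some views need to be embeddable, the callback belongs on the controller that renders them with an action list, for example `after_action :allow_embedding, only: [:show]` (the action name here is illustrative). The class body continues outside the hunk, so which controllers serve session or account pages cannot be confirmed from here.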
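Review bot: `allow_embedding` removes X-Frame-Options outright, so any origin may frame the response. The commented-out `ALLOW-FROM` line would not be a dependable restriction either, since that value takes a single origin and was never implemented in Chrome or Safari. An origin allowlist that browsers do enforce is the CSP directive, e.g. `response.headers['Content-Security-Policy'] = "frame-ancestors 'self' http://blog.metamaps.cc"`, assuming the app sets no other CSP header that this would overwrite. As a style point, `response.headers.delete('X-Frame-Options')` is the more conventional way to drop one header and does not rely on ActiveSupport's `Hash#except!`. The method also deserves a comment stating which pages are intended to be embedded and by whom, in place of `#allow all`.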